ADFS - Adding Multi-Factor Authentication Provider - Register-AdfsAuthenticationProvider ERROR

  • Question

  • We have been testing out a new ADFS Authentication Provider.

    It has been working fine, then all of a sudden we get this error. I have searched for "ADFS You can only specify a maximum of one identity claim" but this error doesn't seem to show up. Any ideas what's wrong?

    PS C:\Windows\system32> $typeName = "NewAdapter.MyAdapter, NewAdapter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxxxx, processorArchitecture=MSIL"

    PS C:\Windows\system32> Register-AdfsAuthenticationProvider -TypeName $typeName -Name "NewAdapter"

    Register-AdfsAuthenticationProvider : ADMIN0021: Invalid authentication provider data.  You can only specify a maximum of one identity claim.
    At line:1 char:1
    + Register-AdfsAuthenticationProvider -TypeName $typeName -Name "New ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Register-AdfsAuthenticationProvider], InvalidDataException
        + FullyQualifiedErrorId : ADMIN0021: Invalid authentication provider data.  You can only specify a maximum of one identity claim.,Microsoft.IdentityServer.Management.Commands.AddExternalAuthProviderCommand

    Monday, July 16, 2018 10:39 AM

Answers

  • After some testing here is what we found:

    We created a project (TestApp) and added it to ADFS, then used the PowerShell command to remove it.
    Then, when we tried to create the project again with the same name (TestApp), we got the error: Register-AdfsAuthenticationProvider : ADMIN0021: Invalid authentication provider data.  You can only specify a maximum of one identity claim.

    Our only conclusion at this point is that the PowerShell command Unregister-AdfsAuthenticationProvider -Name "TestApp" didn't completely remove the first project like the documentation said it would.

    At this point there is nothing more to do on this. Just wanted to complete the documentation here on what we found.

    • Marked as answer by amfa_guru Thursday, February 7, 2019 4:11 PM
    Friday, July 20, 2018 5:49 PM
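
A state check to run between the unregister and the second register described in the answer above, as an added example that is not part of the original thread. It only reports what AD FS still holds under the adapter name and is not a confirmed fix for ADMIN0021; the function name `Test-AdfsProviderRemoved` is hypothetical, `TestApp` is the name from the thread, and the restart hint assumes the default service name `adfssrv`.

```powershell
# Added example: report whether an adapter name is still known to AD FS
# before Register-AdfsAuthenticationProvider is run again with the same name.
Import-Module ADFS

function Test-AdfsProviderRemoved {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)

    # 1. Is a provider with this name still registered?
    $registered = Get-AdfsAuthenticationProvider |
        Where-Object { $_.Name -eq $Name }

    # 2. Is the name still selected anywhere in the global authentication policy?
    $policy = Get-AdfsGlobalAuthenticationPolicy
    $references = @()
    foreach ($slot in 'AdditionalAuthenticationProvider',
                      'PrimaryIntranetAuthenticationProvider',
                      'PrimaryExtranetAuthenticationProvider') {
        if ($policy.$slot -contains $Name) { $references += $slot }
    }

    [pscustomobject]@{
        Name             = $Name
        StillRegistered  = [bool]$registered
        PolicyReferences = $references
        Clean            = (-not $registered) -and ($references.Count -eq 0)
    }
}

$state = Test-AdfsProviderRemoved -Name 'TestApp'
$state | Format-List

if ($state.StillRegistered) {
    Write-Warning "'$($state.Name)' is still registered; dumping the stored record."
    Get-AdfsAuthenticationProvider -Name $state.Name | Format-List *
}
if ($state.PolicyReferences.Count -gt 0) {
    Write-Warning ("'{0}' is still selected in: {1}" -f
        $state.Name, ($state.PolicyReferences -join ', '))
}
if ($state.Clean) {
    # Assumption: default service name. The AD FS service has to be restarted
    # on every federation server in the farm after an unregister.
    Write-Host "No trace of '$($state.Name)'. Restart adfssrv on each node before registering again."
}
```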

All replies

  • What claims have you configured?

    Monday, July 16, 2018 6:43 PM
  • Allow Everyone, Require MFA

    The MFA is our own Adaptive Multi-Factor Authentication.

    We think this might have something to do with our attempt to change the name of the Adapter without removing the previous adapter. We need to test this.

    Tuesday, July 17, 2018 3:18 PM